smart-review 1.0.4 → 1.2.0

package/README.en-US.md

@@ -7,7 +7,8 @@
 ## ✨ Features
 
 - Static rule checks for Security, Performance, Best Practices
-- AI analysis (OpenAI-compatible) with incremental Git Diff review
+- AI analysis with unified OpenAI / Anthropic / Gemini integration
+- Skill-driven review orchestration to enforce detailed risk and fix outputs
 - Smart batching and chunked processing for large files
 - Git Hook integration (pre-commit)
 - Highly configurable and multilingual output
@@ -128,6 +129,7 @@ Add to `package.json` if you use Husky:
 - Works in Git Bash, CMD, and PowerShell
 - Press `q` or `Esc` during review to interrupt and print completed results
 - Interruptions do not fail the review; only blocking risks stop the commit
+
 ## ⚙️ Config
 
 Main config `.smart-review/smart-review.json` example:
@@ -136,6 +138,7 @@ Main config `.smart-review/smart-review.json` example:
 {
   "ai": {
     "enabled": true,
+    "provider": "openai",
     "model": "deepseek-chat",
     "baseURL": "https://api.deepseek.com/v1",
     "reviewOnlyChanges": true,
@@ -145,6 +148,37 @@ Main config `.smart-review/smart-review.json` example:
     "useStaticHints": true,
     "maxRequestTokens": 8000,
     "temperature": 0,
+    "skills": {
+      "enabled": true,
+      "strict": false,
+      "maxSkillsPerRequest": 4,
+      "required": ["DIFF_RISK_GUARD", "EVIDENCE_ENFORCER"],
+      "optional": ["SECURITY_DEEP", "LOGIC_CORRECTNESS", "API_CONTRACT"],
+      "routes": [
+        {
+          "match": ["**/auth/**", "**/security/**"],
+          "modes": ["diff", "batch", "segment"],
+          "add": ["SECURITY_DEEP", "API_CONTRACT"]
+        }
+      ]
+    },
+    "tools": {
+      "enabled": false,
+      "maxCalls": 2,
+      "maxReadLines": 400,
+      "maxSearchMatches": 50,
+      "maxSearchFiles": 120,
+      "maxListFiles": 200,
+      "allow": [
+        "read_file",
+        "get_staged_diff",
+        "list_files",
+        "search_in_file",
+        "get_file_outline",
+        "search_in_repo",
+        "list_changed_files"
+      ]
+    },
     "concurrency": 3
   },
   "riskLevels": {
@@ -162,8 +196,9 @@ Main config `.smart-review/smart-review.json` example:
 
 #### AI (`ai`)
 - `enabled`: Enable AI analysis
-- `model`: OpenAI model name
-- `apiKey`: OpenAI API key
+- `provider`: Model provider, supports `openai`, `anthropic`, `gemini`
+- `model`: Model name for the selected provider
+- `apiKey`: Unified API key field (or use environment variables)
 - `baseURL`: API base URL
 - `reviewOnlyChanges`: Enable Git Diff incremental review; true analyzes only changed lines
 - `maxResponseTokens`: Max tokens in AI response
@@ -177,7 +212,28 @@ Main config `.smart-review/smart-review.json` example:
 - `includeStaticHints`: Include rule hints in AI analysis
 - `temperature`: Model creativity; 0 favors deterministic outputs
 - `concurrency`: Number of concurrent AI requests
-
+- `skills.enabled`: Enable review skill orchestration
+- `skills.strict`: Enforce output constraints (path/snippet/reason/suggestion)
+- `skills.maxSkillsPerRequest`: Max skills applied in one request
+- `skills.required`: Required skill list
+- `skills.optional`: Optional skill list (mode-based supplement)
+- `skills.routes`: Dynamically append skills by file path and mode (`match/modes/add`)
+- `tools.enabled`: Enable local read-only tool calling (see tool list below)
+- `tools.maxCalls`: Max tool-call rounds per request
+- `tools.maxReadLines`: Max lines for single `read_file` call
+- `tools.maxSearchMatches`: Max returned matches for `search_in_file` / `search_in_repo`
+- `tools.maxSearchFiles`: Max scanned files for one `search_in_repo` call
+- `tools.maxListFiles`: Max returned files for one `list_files` call
+- `tools.allow`: Tool allowlist (only listed tools can be called by the model)
+
+#### AI Read-Only Tool List (`ai.tools.allow`)
+- `read_file`: Read specific line ranges from one file
+- `get_staged_diff`: Get staged Git diff (optionally filtered by path)
+- `list_files`: Recursively list repository files (supports subdir and keyword/wildcard filtering)
+- `search_in_file`: Search text or regex in a single file
+- `get_file_outline`: Extract lightweight file outline (class/function/method signatures)
+- `search_in_repo`: Search text or regex across repository files (with scan and result caps)
+- `list_changed_files`: List changed Git files (supports staged/unstaged and status filtering)
 #### Risk Levels (`riskLevels`)
 - `critical` / `high` / `medium` / `low` / `suggestion`
 - Each level supports `block` to decide whether to block commits
@@ -534,7 +590,11 @@ To add a new language (e.g., `ja-JP`), create `templates/rules/ja-JP/` with the
 ## 🌍 Environment Variables
 
 ```bash
+export AI_API_KEY="your-api-key"
 export OPENAI_API_KEY="your-api-key"
+export ANTHROPIC_API_KEY="your-api-key"
+export GEMINI_API_KEY="your-api-key"
+export GOOGLE_API_KEY="your-api-key"
 export DEBUG_SMART_REVIEW=true
 export SMART_REVIEW_LOCALE=en-US
 ```
@@ -543,7 +603,7 @@ To use a custom OpenAI-compatible endpoint, set `ai.baseURL` in `.smart-review/s
 
 ```json
 {
-  "ai": { "baseURL": "https://api.openai.com/v1" }
+  "ai": { "provider": "openai", "baseURL": "https://api.openai.com/v1" }
 }
 ```
 
@@ -581,4 +641,4 @@ smart-review --staged --debug
 4. Push the branch (`git push origin feature/amazing-feature`)
 5. Open a Pull Request
 
-⭐ If this project helps you, please star the repo!
+⭐ If this project helps you, please star the repo!

package/README.md

@@ -7,7 +7,8 @@
 ## ✨ 特性
 
 - 🔍 **静态规则检测** - 内置安全、性能、最佳实践规则
-- 🧠 **AI智能分析** - 基于 OpenAI GPT 的深度代码分析
+- 🧠 **AI智能分析** - 支持 OpenAI / Anthropic / Gemini 的统一对接
+- 🧩 **审查技能编排** - 支持 Skills 约束输出，强制细化风险分析与修复建议
 - ⚡ **Git Diff增量审查** - 智能识别变更内容，只审查修改的代码行，大幅提升审查效率
 - 🚀 **智能分批处理** - 自动优化大文件处理，支持分段分析
 - 📊 **大文件支持** - 智能分段处理超大文件，突破token限制
@@ -130,10 +131,12 @@ node bin/review.js --files test/src/large-test-file.js
   }
 }
 ```
+
 #### 中断与终端兼容
 - 支持在 Git Bash、CMD、PowerShell 中进行交互中断
 - 审查过程中输入 `q` 或按 `Esc` 可中断审查并输出已完成结果
 - 中断不会被视为审查失败，只有存在阻断风险才会阻止提交
+
 ## ⚙️ 配置文件
 
 ### 主配置文件 `.smart-review/smart-review.json`
@@ -142,6 +145,7 @@ node bin/review.js --files test/src/large-test-file.js
 {
   "ai": {
     "enabled": true,
+    "provider": "openai",
     "model": "deepseek-chat",
     "apiKey": "your-api-key",
     "baseURL": "https://api.deepseek.com/v1",
@@ -156,6 +160,37 @@ node bin/review.js --files test/src/large-test-file.js
     "tokenRatio": 4,
     "chunkOverlapLines": 5,
     "includeStaticHints": true,
+    "skills": {
+      "enabled": true,
+      "strict": false,
+      "maxSkillsPerRequest": 4,
+      "required": ["DIFF_RISK_GUARD", "EVIDENCE_ENFORCER"],
+      "optional": ["SECURITY_DEEP", "LOGIC_CORRECTNESS", "API_CONTRACT"],
+      "routes": [
+        {
+          "match": ["**/auth/**", "**/security/**"],
+          "modes": ["diff", "batch", "segment"],
+          "add": ["SECURITY_DEEP", "API_CONTRACT"]
+        }
+      ]
+    },
+    "tools": {
+      "enabled": false,
+      "maxCalls": 2,
+      "maxReadLines": 400,
+      "maxSearchMatches": 50,
+      "maxSearchFiles": 120,
+      "maxListFiles": 200,
+      "allow": [
+        "read_file",
+        "get_staged_diff",
+        "list_files",
+        "search_in_file",
+        "get_file_outline",
+        "search_in_repo",
+        "list_changed_files"
+      ]
+    },
     "temperature": 0,
     "concurrency": 3
   },
@@ -186,8 +221,9 @@ node bin/review.js --files test/src/large-test-file.js
 
 #### AI 配置 (`ai`)
 - `enabled`: 是否启用AI分析
-- `model`: OpenAI模型名称
-- `apiKey`: OpenAI API密钥
+- `provider`: 模型提供方，支持 `openai`、`anthropic`、`gemini`
+- `model`: 对应提供方的模型名称
+- `apiKey`: 统一 API 密钥字段（也可通过环境变量注入）
 - `baseURL`: API基础URL
 - `reviewOnlyChanges`: 是否启用Git Diff增量审查模式。`true`时只审查变更的代码行，`false`时审查整个文件内容。默认为`true`，大幅提升审查效率
 - `maxResponseTokens`: AI响应最大token数
@@ -202,6 +238,28 @@ node bin/review.js --files test/src/large-test-file.js
 - `includeStaticHints`: 是否在AI分析中包含静态规则提示
 - `temperature`: AI模型的创造性参数，0表示最确定性的输出
 - `concurrency`: 并发AI请求数量，默认3个。设置为1或更小时使用串行处理，大于1时启用并发处理以提升性能
+- `skills.enabled`: 是否启用审查技能编排
+- `skills.strict`: 是否强制检查输出是否满足“路径/片段/原因/建议”约束
+- `skills.maxSkillsPerRequest`: 单次请求最多启用的技能数量
+- `skills.required`: 必选技能列表
+- `skills.optional`: 可选技能列表（按模式补充）
+- `skills.routes`: 按文件路径和模式动态追加技能（`match/modes/add`）
+- `tools.enabled`: 启用本地只读工具调用（见下方工具清单）
+- `tools.maxCalls`: 单次请求最多工具调用轮次
+- `tools.maxReadLines`: `read_file` 单次读取最大行数
+- `tools.maxSearchMatches`: `search_in_file` / `search_in_repo` 单次最多返回匹配条数
+- `tools.maxSearchFiles`: `search_in_repo` 单次最多扫描文件数
+- `tools.maxListFiles`: `list_files` 单次最多返回文件数
+- `tools.allow`: 工具白名单（仅允许模型调用白名单中的工具）
+
+#### AI 只读工具清单 (`ai.tools.allow`)
+- `read_file`: 读取指定文件的行区间
+- `get_staged_diff`: 获取暂存区 diff（可按文件路径过滤）
+- `list_files`: 递归列出仓库内文件（支持子目录和关键字/通配符过滤）
+- `search_in_file`: 在单个文件内按文本或正则搜索
+- `get_file_outline`: 提取文件结构轮廓（类/函数/方法等）
+- `search_in_repo`: 在仓库范围内按文本或正则搜索（支持扫描文件数和结果数上限）
+- `list_changed_files`: 获取 Git 变更文件列表（支持 staged/unstaged 和状态过滤）
 
 #### 风险等级配置 (`riskLevels`)
 - `critical`: 致命风险
@@ -563,8 +621,15 @@ const reviewer = new CodeReviewer(customConfig, defaultRules);
 可通过环境变量配置：
 
 ```bash
-# OpenAI API配置
+# 统一 API 配置（最高优先级）
+export AI_API_KEY="your-api-key"
+
+# 按 Provider 配置
 export OPENAI_API_KEY="your-api-key"
+export ANTHROPIC_API_KEY="your-api-key"
+export GEMINI_API_KEY="your-api-key"
+# 或 Google 生态变量
+export GOOGLE_API_KEY="your-api-key"
 
 # 调试模式
 export DEBUG_SMART_REVIEW=true
@@ -581,7 +646,7 @@ export SMART_REVIEW_LOCALE=zh-CN  # 或 en-US
 
 ```json
 {
-  "ai": { "baseURL": "https://api.openai.com/v1" }
+  "ai": { "provider": "openai", "baseURL": "https://api.openai.com/v1" }
 }
 ```
 
@@ -743,13 +808,4 @@ smart-review --staged --debug
 4. 推送到分支 (`git push origin feature/amazing-feature`)
 5. 开启 Pull Request
 
-## 📞 支持
-
-- 📧 邮箱: zlife@vip.qq.com
-- 🐛 问题反馈: [GitHub Issues](https://github.com/vlinr/smart-review/issues)
-
----
-
 ⭐ 如果这个项目对你有帮助，请给个 Star！
-
-

package/lib/ai-client-pool.js

@@ -39,6 +39,7 @@ export class AIClientPool {
         ...this.config.ai,
         reviewDir: this.config.reviewDir,
         locale: this.config.locale,
+        projectRoot: this.config.projectRoot,
         cancelToken
       });
       client.poolId = i;